Directory Fuzzing
Among all the tools listed below, ffuf gave me the best results in every scenario; also use directory-list-2.3-medium.txt for most common scenarios.
Ffuf
Simple Scan
ffuf -w /opt/dirsearch/small.txt -u http://10.10.118.46/FUZZ
Ignoring particular status code
ffuf -w /opt/dirsearch/big.txt -u http://10.10.191.30:80/FUZZ -fc 401
VHOST Fuzzing
ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.horizontall.htb" -u http://horizontall.htb
Extension
ffuf -w /opt/dirsearch/big.txt -u http://bounty.htb/FUZZ -e .asp,.aspx,.txt
GoBuster
Normal Scan
gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u 10.10.10.56 -x txt,php
Append / to each request
Sometimes it's necessary to look only for directories and not for files, so we can append / to every request to find only directories.
gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u 10.10.10.56 -f
Gobuster supports different enumeration modes, including fuzzing and dns, but for now we'll rely only on the dir mode, which enumerates files and directories. We need to specify the target IP using the -u parameter and a wordlist with -w. The default number of threads is 10; we can reduce the amount of traffic by setting a lower number via the -t parameter.
gobuster dir -u 192.168.1.1 -w /usr/share/wordlists/dirb/common.txt -t 5
Excluding a particular length:
gobuster dir -u 192.168.1.16 -w /usr/share/wordlists/dirb/common.txt --exclude-length 0
Providing a pattern:
Create a file with the following lines (let's call it pattern.txt):
{GOBUSTER}/v1
{GOBUSTER}/v2
Then run the following command:
gobuster dir -u http://192.168.1.1:5002 -w /usr/share/wordlists/dirb/big.txt -p pattern.txt
Simple Curl request:
curl -i http://192.168.1.16:5002/users/v1
DirSearch
dirsearch.py -u http://10.10.10.5:80/ -e txt,asp,aspx
Some Extensions
sh,txt,php,html,htm,asp,aspx,js,xml,log,json,jpg,jpeg,png,gif,doc,pdf,mpg,mp3,zip,tar.gz,tar